Dr C Gray Girling, married, two children
Cambridge, UK
Born: 18-08-56, Felixstowe, Suffolk, UK
Web: http://www.gdkc.homeip.net/work/
Gray is a practised network security researcher and a capable computing system designer. He is as happy writing embedded C software near to the software/hardware boundary as specifying protocols or designing distributed security architectures. Experienced at providing constructive criticism he enjoys any mix of academic supervision & review, design, documentation and programming. With an enquiring nature Gray is always interested in investigating new technology and methods. A friendly and positive attitude means that his capacity to work independently is complemented by an ability to fit in as part of a group.
Cambridge University, Ph.D. in Computer Science (Authentication in Computer networks)
Imperial College of Science and Technology, B.Sc.(Eng) in Computer Science (2.1)
Chartered Engineer (C.Eng.)
Chartered IT Professional (CITP)
Member of British Computer Society (MBCS)
Associate of City and Guilds Institute (ACGI)
Computer system security
Security and communications (OSI) related standardization
Formal requirements specification
LAN and WAN networking, protocol design and implementation
Open Distributed Processing standardization
Software Engineering (Embedded & Application programming)
Project management
Academic
Hardware design
Software activities at Conexant all involve direct interaction with licensees and internal staff through a web-based defect tracking system, use of a source control system (CVS), software development in the context of ISO 9001 procedures, and relatively rigid target specification and review management.
Primary maintainer of the "Quantum" kernel for ISOS (Integrated Systems on Silicon) software and its associated abstraction layer. The kernel typically operates on an ARM in a dual-processor (master-slave) configuration. Some involvement with a port of the abstraction layer to a MIPS-based hardware base, to a Linux kernel environment, and to a emulated ARM simulated hardware base.
Developed Quantum through consensual local "interest group" meetings. Implemented process-priority-inheritance-from-message-priority for better performance of QoS (Quality of Service) streams in the protocol stack. Implemented an alternative "interrupt" abstraction interface to allow gradual migration from legacy scheme to one involving process-based servicing, to reduce processor interrupt latency and to facilitate better control of QoS. Provided a process "service class" abstraction in Quantum to represent priorities and their alternatives.
Technical management of (Russian) contractors providing a port of ISOS software to VxWorks.
Technical lead in the Multi-national team that produced a port of ISOS software to the Windows CE.Net operating system (version 4.2) which subsequently became a product. This was the first port to an operating system that used dynamic page mapping - which presented particular hurdles.
Extended the low-level system-object database to incorporate limited multiple-inheritance.
Developed a stream based interface that was both compatible with legacy (ATMOS) code and allows extension appropriate for the use of operating systems in which processes are not allowed the same access to memory (currently unused).
Provided and taught the central contribution for an occasional course about porting "Quantum" to other operating systems.
Involved, as one of the founders, with the setup of this consulting and research company specializing in wireless networks and vehicle information systems. Accepted a position elsewhere just prior its becoming a limited company.
Supervisory contribution to a series (2) of PhDs on Location Information security (over the period): one concerning anonymity within a location sensing network and the other concerning location information confidentiality beyond such a network.
Supervision of 4th year B.A. project involving the pragmatic use of existing open-source tools for the construction of a secure voice-over-IP system.
"Quiver" compact Prolog-like language design, specification and implementation (in C) for program and data migration between embedded computer nodes + LINDA implementation for event communication. Ports to Linux, ARM embedded system and Toshiba microcontroller. Part of the remit for this language is to provide an intermediate between policy specification and implementation.
Initial design of Muti-Protocol Label Switching (MPLS) network to "Ethernet Virtual Circuits" gateway using an Intel IXP 1200 processor using Columbia University's "netbind" software (involves ARM Linux).
Consumer broadband - Internet TV to home - project in Liaison with AT&T Laboratories in Florham Park, New Jersey - port Linux to Banyan (IDT 79RC32355)/Datapath ATM switch. This included writing a Linux ATM driver and substantially improving an Ethernet one.
Leader of a small team implementing Prototype Embedded Network (PEN) pico-radio network systems - low power ad-hoc mobile networking with no "base" station - design & implementation (in C) of protocols.
Web CGI interface to daily sensor network readings compiled by PEN nodes (HTML/shell /expect/perl scripts & C).
"EEK" real-time operating system (RTOS) design & implementation (C/assembler) including portable kernel, memory management, streams, accurate timer service, event mechanism, portable interrupt mechanism; documentation and user support, ports to Toshiba TLCS microprocessor and ARM and strong-ARM hardware platforms. Modular O/S-generic build environment using an ad-hoc system specification language.
Review of a number of commercial and academic real-time operating systems (including Nucleus, pSOS, QNX, VxWorks and Cambridge University's "Nemesis").
Design and implementation (in C) of Linux Ethernet (ATM LAN Emulation) driver for Virata ATM protocol processor Network Interface Card (NIC).
Monitor ROMs (c.f. "BIOS") for various ARM-based hardware platforms and support for EEPROM & flash filing system, remote debugging (ATM protocol), ATM support, self testing, booting from serial ROM (C/assembler).
ROM and ATMos (ATM Operating System) remote debugging servers and Unix & Windows clients - ATM and PCI bus transport mechanisms - remote booting, breakpointing, register modification etc. (in C).
Internet (TCP/IP) protocol stack design and implementation (in C/C++) for "ATMOS" embedded operating system including related protocols: ICMP, UDP, RIP II; over AAL5 (ATM protocol) and over Ethernet; ARP, RARP over Ethernet; implementation of "MIB II" SNMP management information base. This was transferred to a spin-out company (now GlobespanVirata) and became a core part of its product portfolio.
Integration of Xpress Transport Protocol (XTP) with TCP/IP (on ATMOS) and general protocol performance evaluation (C++).
Routine maintenance of two ATM networks with about 150 nodes.
Documentation of "ATMOS" kernel and development environment and user support (Framemaker/Word/HTML).
Business unit:
Open Distributed Processing (ODP) Security Standardization (over six months) for DTI and British Standards Institute - Delivering Information Solutions to Customers (BSI/DISC) (standards contribution, ISO meeting attendance).
R&D in Advanced Communications technologies in Europe (RACE) II "Cassiopeia" project dealing with the application of ODP to Telecommunications (over eight months) for Cray Communications Ltd (programme evaluation and recommendations).
Department of Trade and Industry (DTI) Programme of Research on Conformance Testing (PROST) ODP scoping study (over seven months) - (report editor and contributor).
Defence Research Agency (DRA) Technology Demonstrator - security architecture analysis (over three weeks) for DMR UK (consultancy report).
Research unit:
Advanced Network System Architecture (ANSA) Phase III "federation" work (the integration of heterogeneous distributed computing systems) - in particular the design, as part of a team of 4, of an advanced properties "trader" based on extant database technology.
Advancement of the Security Framework Standard (ISO 10181) in the UK (continuing for the whole period) for DTI & BSI. (Chairing BSI committee, attendance at ISO meetings, submission of and comment on standards contributions.)
"COMPOSITE" Commission of the European Communities (CEC) Security Investigations project - development of security architectures/principles for distributed computer systems (consultancy report writing).
Transputer-based IED fault tolerant system demonstrator project - fault tolerance model (for six months) for DTI (consultancy report writing).
Analysis of security provision in "ITRON" radio-based wide area utilities servicing network (over 1 month) for a UK Utilities consortium (consultancy report writing).
Unix (SunOS) and Acorn RISC-OS system maintenance.
Advancement of the Security Framework (ISO 10181) Standard in the UK which sought to provide definitions and network mechanisms for authentication, access control, non-repudiation, integrity, confidentiality and security audit with additional material on security domains and security policies
Involvement in national, European and international standards creation (over three years) for DTI and BSI/DISC, including specification of a taxonomy of security standardization in the CEN/CENELEC IT ad-hoc Experts Group on Security (used to drive European standardization work).
Computer security in distributed computer (Trusted NETwork) systems - various non-open research (over six years) for the Communications-Electronics Security Group at Government Communications Headquarters including: formal modeling of confidentiality; specification of a layered architecture for secure distributed systems (a 250 page "conceptual model"); evaluation of US trusted computing standards; and, a demonstration of covert-channel capacity on LANs.
"TopMail" extension - design of AppleTalk product extension to interwork with X.400 (over three months) for Topexpress.
Postscript drivers for word processors and "GCAL" markup language (in C).
Distributed mail server design and implementation (over 1 year) for Acorn
Distributed authentication and access control service design, implementation and maintenance (Thesis) (over the period) (BCPL, Z80 assembler). After a meeting with Paul Karger, a security contributor to X from MIT, the X consortium adopted some of the ideas in this thesis and consequently use "cookies" for authentication in their ubiquitous windowing system.
DTI Project "UNIVERSE" authentication experiment and demonstrations - including of low level Cambridge Ring protocols implementation (6502 assembler, BASIC) on Acorn BBC microprocessor (over the period).
"Gyp" debugging server together with a small networking operating system implementation (assembler) on Z80 (over 1 year).
Cambridge Distributed system maintenance, "TRIPOS" help system implementation (own markup language) and OS maintenance.
Implementation (BCPL) and maintenance of a set of microprocessor assemblers (over the period).
Interests in travel, SCUBA diving, high diving, swimming, skiing, food, wine, films.
Creation and maintenance of local school's website http://www.spinney.cambs.sch.uk/ including IT start-up area for parents and a perl-based maintenance interface.
Home network with 7 PCs, inc. "TV PC", Linux security gateway, IEEE 802.11g radio LAN.
Acorn RISC-OS and BBC Micro programming (applications, tools, operating system modules in assembler, BASIC, C).
(Spare time generally dominated by child maintenance!)
Familiar with a number of formal definition and programming languages.
Attendance at a number of computer security, internet protocol and low power radio system conferences.
Attendance at a large number of ISO (and some CEN/CENELEC) standards meetings.
Have published in the areas of network security, conformance assessment and low-power protocol design.
Implementation of distributed network security on the Cambridge Distributed Computing System.
PhD in network Authentication.
6 years designing secure Local Area Networks for CESG (part of GCHQ in the UK).
Developed wide variety of security mechanisms in ISO 10181 (ISO security frameworks standard).
Configuration & use of FreeSwan Linux IPSEC solution for home/work networking.
Supervised 2 PhDs in Location Confidentiality & Access Control and 4th year project in Secure Voice over IP.
Analysed security vulnerabilities in Solarflare "onload" TCP/IP protocol stack.
A number of papers (Covert channels, ODP traders, Low-power protocol design) a list of publications can be found at http://www.gdkc.homeip.net/work/Publications.html
Ph.D./4th year B.A. student supervision (security)
MA/Ph.D. student viva examination (interface design/security)
Reviewer of submitted papers in various computer system related subjects
Flexible test case specification and execution framework for Solarflare Network Interface Controllers supporting multiple test points and interfaces.
Architecture, design and implementation of "FTL" simple closure-based interpreted language specializing in providing scripting and command line utilities from C APIs.
Co-design and implementation of the control plane for Solarflare "onload" (combined kernel/user-mode) NIC driver.
Per-application "onload" stack configuration management system.
FTL-based utilities for Solarflare control plane configuration, "onload" stack feature configuration, dynamic "onload" stack virtual channel data-structure access, direct access to NIC registers, management CPU remote access, and Network Control - Sideband Interface (NC-SI) NIC management protocol use.
"Quantum" extensible interrupt system, stream I/O system, scheduler enhancements for QoS.
Porting Operating System abstraction API to Windows CE.Net and aiding port to VxWorks and Linux.
Installation of "netbind" modular switch on Intel IXP 1200 processor (using ARM-linux) for MPLS gateway.
Linux port + ATM driver for IDT ("Banyan") MIPS processor
Embedded Environment Kernel "EEK" (and build environment) design & implementation including ports to various hardware bases. EEK is a small message-based multitasking O/S based on the "µCos" kernel.
"ATMos" TCP/IP and related protocols, ATM and Ethernet design and implementation, maintenance (subsequently used as basis of commercial product).
ARM-based Monitor ROM modularization, implementation and porting - remote debugging, flash filing system, booting over ATM.
Linux LAN Emulation driver for Virata ATM protocol processor.
"TRIPOS" device drivers, tasks, utilities and maintenance.
Simple Z80 operating system implementation.
Familiar with a number of programming and scripting languages including object orientated ones.
Extensive microprocessor assembler programming.
At home: 6502 wordstar style screen editor, Acorn "RISC-OS" modules, tools, paginators, WIMP code, Microsoft Access/Visual Basic accountancy package (in support of a business).
9 year involvement in ISO security standards (especially ISO 10181, the OSI security frameworks)
Attendance at ISO OSI (JTC1/SC21) meetings 1988 - 1994
Seminal contribution to CEN/CENELEC taxonomy of security standards
Analysis of various security criteria standards for government
Large volume of Z specification for secure LAN design
Some knowledge of CSP and VDM
Contributions to BSI ODP panel improving ODP Reference Model
Wrote a security architecture for ODP Reference Model
Ad-hoc Solarflare NIC Management CPU debug interface protocol clients.
Distributed Task Management Forum's Network Controller Sideband Interface (NC-SI) protocol client and server (for management of Solarflare's "Siena" NIC).
Protocol stack design for Prototype Embedded Network (PEN) radio-computer nodes including low-power MAC Protocol implementation over radio.
"Quiver" design and implementation - Prolog-like modular interpreted language supporting migration in frequently partitioned networks.
Remote debug and boot servers (Monitor ROM and ATMos) and clients (MS-DOS and Unix).
Early experience with "Cambridge Ring" systems and Project Universe satellite backbone LAN system.
Authentication server and debugging server implementation (and associated applications).
6 years distributed system design with accent on security (as above).
TCP/IP and related protocols (e.g. ICMP, RIP II) implementation over ATM and Ethernet.
Network and Application layer architecture from OSI standards.
Development of fault tolerance model.
Contribution to directly relevant Open Distributed Processing (ODP) standards.
Application of ODP to Telecoms in "CASSIOPIEA" European project.
Work in Advanced Network System Architecture (ANSA) programme (including federation with OMG's "CORBA").
Design of architecture for trusted distributed network systems.
Involvement in ISO/IEC JTC1/SC21, the committee that defined the OSI "7-layer" model.
Outline of specification method appropriate for hardware implementation of layered protocols in VHDL
Initial VHDL specification and animation of MAC-symbol "layer" in FPGA to support low power radio nodes
Technical management of 4-6 person team porting "Quantum" to Windows CE.Net.
Technical management of (Russian) contractors providing a port of ISOS software to VxWorks.
Lead small team implementing PEN mobile low-power device network
Chair of BSI IST/21/-/1/1 (communications security standards) for 5 years
Management of DTI standards contract
De facto management of "PROST" project with APM, NIST, OMG, NPL and University of Kent at Canterbury
Also of APM's "Cassiopeia" involvement
Personal management of short DMR contract
Secretary of childrens' after school club for 3 years and 7 years on management committee